Alerts
5 Oct 2024
NA - CVE-2024-47840 - Improper Neutralization of Input During Web...
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation Mediawiki - Apex skin allows Stored XSS.This issue...
5 Oct 2024
NA - CVE-2024-47845 - Improper Encoding or Escaping of Output...
Improper Encoding or Escaping of Output vulnerability in The Wikimedia Foundation Mediawiki - CSS Extension allows Code Injection.This issue affects Mediawiki - CSS Extension: from 1.39.X before...
5 Oct 2024
NA - CVE-2024-47846 - Cross-Site Request Forgery (CSRF) vulnerability...
Cross-Site Request Forgery (CSRF) vulnerability in The Wikimedia Foundation Mediawiki - Cargo allows Cross Site Request Forgery.This issue affects Mediawiki - Cargo: from 3.6.X before 3.6.1.
5 Oct 2024
NA - CVE-2024-47847 - Improper Neutralization of Input During Web...
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation Mediawiki - Cargo allows Cross-Site Scripting...
5 Oct 2024
NA - CVE-2024-47849 - Improper Neutralization of Special Elements...
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in The Wikimedia Foundation Mediawiki - Cargo allows SQL Injection.This issue affects...
5 Oct 2024
NA - CVE-2024-47841 - Improper Limitation of a Pathname to a...
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in The Wikimedia Foundation Mediawiki - CSS Extension allows Path Traversal.This issue affects...
5 Oct 2024
NA - CVE-2024-9385 - The Themify Builder plugin for WordPress is...
The Themify Builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and...
5 Oct 2024
Medium - CVE-2024-9455 - The WP Cleanup and Basic Functions plugin for...
The WP Cleanup and Basic Functions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.2.1 due to insufficient input...
5 Oct 2024
Medium - CVE-2024-9528 - The Contact Form Plugin by Fluent Forms for...
The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via form label fields in all versions up...
5 Oct 2024
Medium - CVE-2024-8743 - The Bit File Manager – 100% Free & Open Source...
The Bit File Manager – 100% Free & Open Source File Manager and Code Editor for WordPress plugin for WordPress is vulnerable to Limited JavaScript File Upload in all versions up to, and including,...